Vulnerability-Lookup

CVE-2023-22655 (GCVE-0-2023-22655)

Vulnerability from cvelistv5 – Published: 2024-03-14 16:45 – Updated: 2025-02-13 16:44

Summary

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

CWE

escalation of privilege
CWE-693 - Protection mechanism failure

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…
	https://security.netapp.com/advisory/ntap-2024040…
	https://lists.debian.org/debian-lts-announce/2024…

Impacted products

	Vendor	Product	Version
	n/a	3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:49.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intel:3rd_gen_intel_xeon_scalable_processor_family:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "3rd_gen_intel_xeon_scalable_processor_family",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:xeon_d_processor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xeon_d_processor",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_generation_intel_xeon_platinum_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_generation_intel_xeon_platinum_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_generation_intel_xeon_gold_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_generation_intel_xeon_gold_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_scalable_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_platinum_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_platinum_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_gold_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_gold_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_silver_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_silver_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_bronze_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_bronze_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:xeon_cpu_max_series_processors:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xeon_cpu_max_series_processors",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:4th_gen_intel_xeon_scalable_processors_with_intel_vran:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "4th_gen_intel_xeon_scalable_processors_with_intel_vran",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22655",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-14T18:28:48.835937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T18:17:37.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-693",
              "description": "Protection mechanism failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-04T16:05:52.199Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22655",
    "datePublished": "2024-03-14T16:45:46.683Z",
    "dateReserved": "2023-01-27T04:00:04.248Z",
    "dateUpdated": "2025-02-13T16:44:02.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240405-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:13:49.758Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-22655\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-14T18:28:48.835937Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:intel:3rd_gen_intel_xeon_scalable_processor_family:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"3rd_gen_intel_xeon_scalable_processor_family\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:xeon_d_processor:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"xeon_d_processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_generation_intel_xeon_platinum_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_generation_intel_xeon_platinum_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_generation_intel_xeon_gold_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_generation_intel_xeon_gold_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_scalable_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_scalable_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_platinum_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_platinum_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_gold_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_gold_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_silver_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_silver_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_bronze_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_bronze_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:xeon_cpu_max_series_processors:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"xeon_cpu_max_series_processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:intel:4th_gen_intel_xeon_scalable_processors_with_intel_vran:*:*:*:*:*:*:*:*\"], \"vendor\": \"intel\", \"product\": \"4th_gen_intel_xeon_scalable_processors_with_intel_vran\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T18:17:31.504Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240405-0006/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"Protection mechanism failure\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2024-05-04T16:05:52.199Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-22655\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:44:02.893Z\", \"dateReserved\": \"2023-01-27T04:00:04.248Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2024-03-14T16:45:46.683Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-HV2R-VH4P-HQMP

Vulnerability from github – Published: 2024-03-14 18:30 – Updated: 2024-05-04 18:30

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-22655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-693"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-14T17:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-hv2r-vh4p-hqmp",
  "modified": "2024-05-04T18:30:47Z",
  "published": "2024-03-14T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22655"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240405-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-22655

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-22655

Aliases

CVE-2023-22655

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-22655",
    "id": "GSD-2023-22655"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-22655"
      ],
      "details": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.",
      "id": "GSD-2023-22655",
      "modified": "2023-12-13T01:20:42.794373Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2023-22655",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "See references"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "escalation of privilege"
              },
              {
                "cweId": "CWE-693",
                "lang": "eng",
                "value": "Protection mechanism failure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240405-0006/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access."
          },
          {
            "lang": "es",
            "value": "La falla del mecanismo de protecci\u00f3n en algunos procesadores Intel(R) Xeon(R) de tercera y cuarta generaci\u00f3n cuando se utiliza Intel(R) SGX o Intel(R) TDX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
          }
        ],
        "id": "CVE-2023-22655",
        "lastModified": "2024-04-05T09:15:08.203",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 4.7,
              "source": "secure@intel.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-14T17:15:49.930",
        "references": [
          {
            "source": "secure@intel.com",
            "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
          },
          {
            "source": "secure@intel.com",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
          }
        ],
        "sourceIdentifier": "secure@intel.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-693"
              }
            ],
            "source": "secure@intel.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CVE-2023-22655

Vulnerability from osv_almalinux

Published

2024-11-12 00:00

Modified

2024-11-18 11:46

Summary

Moderate: microcode_ctl security update

Details

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Security Fix(es):

kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) (CVE-2023-22655)
kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)
kernel: Local information disclosure in some Intel(R) processors (CVE-2023-38575)
kernel: Possible Denial of Service on Intel(R) Processors (CVE-2023-39368)
kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode (CVE-2023-43490)
intel-microcode: Race conditions in some Intel(R) Processors (CVE-2023-45733)
intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors (CVE-2023-46103)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "microcode_ctl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:20240910-1.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The microcode_ctl packages provide microcode updates for Intel and AMD processors.  \n\nSecurity Fix(es):  \n\n  * kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R) (CVE-2023-22655)\n  * kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)\n  * kernel: Local information disclosure in some Intel(R) processors (CVE-2023-38575)\n  * kernel: Possible Denial of Service on Intel(R) Processors (CVE-2023-39368)\n  * kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode (CVE-2023-43490)\n  * intel-microcode: Race conditions in some Intel(R) Processors (CVE-2023-45733)\n  * intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors (CVE-2023-46103)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  \n\nAdditional Changes:  \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
  "id": "ALSA-2024:9401",
  "modified": "2024-11-18T11:46:59Z",
  "published": "2024-11-12T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:9401"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-22655"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-28746"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-38575"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-39368"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-43490"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45733"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-46103"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270698"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270700"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270701"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270703"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2270704"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2292296"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2292300"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-9401.html"
    }
  ],
  "related": [
    "CVE-2023-22655",
    "CVE-2023-28746",
    "CVE-2023-38575",
    "CVE-2023-39368",
    "CVE-2023-43490",
    "CVE-2023-45733",
    "CVE-2023-46103"
  ],
  "summary": "Moderate: microcode_ctl security update"
}

FKIE_CVE-2023-22655

Vulnerability from fkie_nvd - Published: 2024-03-14 17:15 - Updated: 2024-11-21 07:45

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N

Summary

References

	URL	Tags
	secure@intel.com	https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
	secure@intel.com	https://security.netapp.com/advisory/ntap-20240405-0006/
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
	af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240405-0006/
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "La falla del mecanismo de protecci\u00f3n en algunos procesadores Intel(R) Xeon(R) de tercera y cuarta generaci\u00f3n cuando se utiliza Intel(R) SGX o Intel(R) TDX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
    }
  ],
  "id": "CVE-2023-22655",
  "lastModified": "2024-11-21T07:45:08.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.7,
        "source": "secure@intel.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-14T17:15:49.930",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
    },
    {
      "source": "secure@intel.com",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240405-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2024-AVI-0213

Vulnerability from certfr_avis - Published: 2024-03-13 - Updated: 2024-03-13

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel Local Manageability Service versions antérieures à 2316.5.1.2.
Intel	N/A	Intel Xeon D
Intel	N/A	Processor Bus Lock
Intel	N/A	Intel CSME software installer versions antérieures à 2328.5.5.0.
Intel	N/A	Bios
Intel	N/A	Intel Xeon de 3ème et 4ème génération
Intel	N/A	Intel SPS versions antérieures à SPS_E5_04.04.04.500.0 ou SPS_E5_06.01.02.048.0.

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-00923 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00982 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01045 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00986 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00960 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00972 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00929 du 12 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel Local Manageability Service versions ant\u00e9rieures \u00e0 2316.5.1.2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Xeon D",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processor Bus Lock",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME software installer versions ant\u00e9rieures \u00e0 2328.5.5.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Bios",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Xeon de 3\u00e8me et 4\u00e8me g\u00e9n\u00e9ration",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E5_04.04.04.500.0 ou SPS_E5_06.01.02.048.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32666"
    },
    {
      "name": "CVE-2023-27502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27502"
    },
    {
      "name": "CVE-2023-35191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35191"
    },
    {
      "name": "CVE-2023-32633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32633"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2023-32282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32282"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2023-28389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28389"
    }
  ],
  "initial_release_date": "2024-03-13T00:00:00",
  "last_revision_date": "2024-03-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0213",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Intel\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00923 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00923.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00982 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01045 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00986 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00986.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00960 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00972 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00929 du 12 mars 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00929.html"
    }
  ]
}

CERTFR-2024-AVI-0713

Vulnerability from certfr_avis - Published: 2024-08-23 - Updated: 2024-08-23

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Cflinuxfs4 versions antérieures à 1.99.0
VMware	Tanzu	Platform Automation Toolkit versions 4.2.x antérieures à 4.2.8
VMware	Tanzu	Operations Manager Image versions 2.8.x antérieures à 2.8.16
VMware	Tanzu	Platform Automation Toolkit versions 4.4.x antérieures à 4.4.32
VMware	Tanzu	Operations Manager versions 2.7.x antérieures à 2.7.25
VMware	Tanzu	Platform Automation Toolkit versions 4.3.x antérieures à 4.3.5
VMware	Tanzu	Operations Manager versions 2.9.x antérieures à 2.9.12
VMware	Tanzu	Platform Automation Toolkit versions 5.1.x antérieures à 5.1.2
VMware	Tanzu	Tanzu Greenplum pour Kubernetes versions 1.x antérieures à 1.2.0
VMware	Tanzu	Tanzu Greenplum pour Kubernetes versions 2.x antérieures à 2.0.0
VMware	Tanzu	Platform Automation Toolkit versions 4.0.x antérieures à 4.0.13
VMware	Tanzu	Operations Manager versions 3.x LTS-T antérieures à 3.0.30+LTS-T
VMware	Tanzu	Platform Automation Toolkit versions 4.1.x antérieures à 4.1.13
VMware	Tanzu	Operations Manager versions 2.10.x antérieures à 2.10.75
VMware	Tanzu	Platform Automation Toolkit versions 5.0.x antérieures à 5.0.25
VMware	Tanzu	Xenial Stemcells versions antérieures à 621.969
VMware	Tanzu	Operations Manager Image versions 3.x LTS-T antérieures à 3.0.30+LTS-T
VMware	Tanzu	CF Deployment versions antérieures à 41.0.0
VMware	Tanzu	Cflinuxfs3 versions antérieures à 0.390.0
VMware	Tanzu	Jammy Stemcells versions antérieures à 1.486
VMware	Tanzu	Operations Manager Image versions 2.10.x antérieures à 2.10.75
VMware	Tanzu	Operations Manager Image versions 2.7.x antérieures à 2.7.25
VMware	Tanzu	Operations Manager versions 2.8.x antérieures à 2.8.16

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 24790	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24759	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24757	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24726	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24730	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24754	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24749	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24761	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24724	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24703	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24763	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24746	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24760	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24758	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24729	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24722	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24750	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24728	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24731	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24762	2024-08-22	vendor-advisory
Bulletin de sécurité VMware 24704	2024-08-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cflinuxfs4 versions ant\u00e9rieures \u00e0 1.99.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager Image versions 2.8.x ant\u00e9rieures \u00e0 2.8.16",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.4.x ant\u00e9rieures \u00e0 4.4.32",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 2.7.x ant\u00e9rieures \u00e0 2.7.25",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.3.x ant\u00e9rieures \u00e0 4.3.5",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 2.9.x ant\u00e9rieures \u00e0 2.9.12",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 5.1.x ant\u00e9rieures \u00e0 5.1.2",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum pour Kubernetes versions 1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum pour Kubernetes versions 2.x ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 4.0.13",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 3.x LTS-T ant\u00e9rieures \u00e0 3.0.30+LTS-T",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 2.10.x ant\u00e9rieures \u00e0 2.10.75",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions 5.0.x ant\u00e9rieures \u00e0 5.0.25",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Xenial Stemcells versions ant\u00e9rieures \u00e0 621.969",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager Image versions 3.x LTS-T ant\u00e9rieures \u00e0 3.0.30+LTS-T",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "CF Deployment versions ant\u00e9rieures \u00e0 41.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cflinuxfs3 versions ant\u00e9rieures \u00e0 0.390.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Jammy Stemcells versions ant\u00e9rieures \u00e0 1.486",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager Image versions 2.10.x ant\u00e9rieures \u00e0 2.10.75",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager Image versions 2.7.x ant\u00e9rieures \u00e0 2.7.25",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions 2.8.x ant\u00e9rieures \u00e0 2.8.16",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2023-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2023-50868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1013"
    },
    {
      "name": "CVE-2019-9511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9511"
    },
    {
      "name": "CVE-2023-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2023-47855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47855"
    },
    {
      "name": "CVE-2022-40735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40735"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2023-50387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
    },
    {
      "name": "CVE-2024-26256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26256"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-45745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45745"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2019-9513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2023-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    }
  ],
  "initial_release_date": "2024-08-23T00:00:00",
  "last_revision_date": "2024-08-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0713",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24790",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24790"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24759",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24759"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24757",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24757"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24726",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24726"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24730",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24730"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24754",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24754"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24749",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24749"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24761",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24761"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24724",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24724"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24703",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24703"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24763",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24763"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24746",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24746"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24760",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24760"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24758",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24758"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24729",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24729"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24722",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24722"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24750",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24750"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24728",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24728"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24731",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24731"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24762",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24762"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24704",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24704"
    }
  ]
}

CERTFR-2025-AVI-0855

Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 24.4 antérieures à 24.4R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 22.4R3-S8-EVO
Juniper Networks	Junos OS	Junos OS versions 23.4 antérieures à 23.4R2-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 22.4R3-S8
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R4
Juniper Networks	Security Director	Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 23.2 antérieures à 23.2R2-S4
Juniper Networks	Junos OS	Junos OS versions 24.2 antérieures à 24.2R2-S1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA103140	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103141	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103163	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103168	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103171	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103167	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103156	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103437	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103172	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103157	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103170	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103139	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103151	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103153	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103147	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103144	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103143	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103146	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103138	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103165	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions  ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
    },
    {
      "name": "CVE-2024-36903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
    },
    {
      "name": "CVE-2023-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
    },
    {
      "name": "CVE-2021-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
    },
    {
      "name": "CVE-2025-59993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
    },
    {
      "name": "CVE-2025-59997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2025-59995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2024-36921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
    },
    {
      "name": "CVE-2025-59986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
    },
    {
      "name": "CVE-2025-60009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
    },
    {
      "name": "CVE-2025-59989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2023-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2025-59999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
    },
    {
      "name": "CVE-2025-59994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-59967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2024-37356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
    },
    {
      "name": "CVE-2024-47538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2025-59991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2024-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2025-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-27280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
    },
    {
      "name": "CVE-2024-36929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2025-59982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2024-30205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
    },
    {
      "name": "CVE-2018-17247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
    },
    {
      "name": "CVE-2025-60004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
    },
    {
      "name": "CVE-2023-51594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2023-50229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
    },
    {
      "name": "CVE-2025-59974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
    },
    {
      "name": "CVE-2025-26598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
    },
    {
      "name": "CVE-2018-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
    },
    {
      "name": "CVE-2024-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
    },
    {
      "name": "CVE-2024-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
    },
    {
      "name": "CVE-2024-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
    },
    {
      "name": "CVE-2024-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-59981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
    },
    {
      "name": "CVE-2023-31248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2024-30203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
    },
    {
      "name": "CVE-2025-59968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
    },
    {
      "name": "CVE-2023-51592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
    },
    {
      "name": "CVE-2025-59990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
    },
    {
      "name": "CVE-2021-22146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
    },
    {
      "name": "CVE-2025-59978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-27434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-38558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
    },
    {
      "name": "CVE-2025-59992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2025-60000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2024-47607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
    },
    {
      "name": "CVE-2024-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2023-45866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
    },
    {
      "name": "CVE-2023-27349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2015-5377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2024-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-60001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
    },
    {
      "name": "CVE-2024-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
    },
    {
      "name": "CVE-2023-50230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
    },
    {
      "name": "CVE-2025-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
    },
    {
      "name": "CVE-2024-36922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
    },
    {
      "name": "CVE-2025-59996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2024-35911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
    },
    {
      "name": "CVE-2025-59957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
    },
    {
      "name": "CVE-2025-59958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
    },
    {
      "name": "CVE-2021-41043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
    },
    {
      "name": "CVE-2018-17244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2024-39908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
    },
    {
      "name": "CVE-2025-26597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2024-42934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
    },
    {
      "name": "CVE-2023-51580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
    },
    {
      "name": "CVE-2024-35848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
    },
    {
      "name": "CVE-2024-27417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
    },
    {
      "name": "CVE-2023-21102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
    },
    {
      "name": "CVE-2024-27281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
    },
    {
      "name": "CVE-2025-59983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
    },
    {
      "name": "CVE-2024-36941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-35969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2025-60006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
    },
    {
      "name": "CVE-2024-36489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
    },
    {
      "name": "CVE-2015-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-9632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2025-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
    },
    {
      "name": "CVE-2024-26868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2024-8235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
    },
    {
      "name": "CVE-2023-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
    },
    {
      "name": "CVE-2025-59977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
    },
    {
      "name": "CVE-2025-26596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2024-26828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
    },
    {
      "name": "CVE-2025-59998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
    },
    {
      "name": "CVE-2024-26808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
    },
    {
      "name": "CVE-2024-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
    },
    {
      "name": "CVE-2025-60002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2018-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2025-59976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
    },
    {
      "name": "CVE-2025-59980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
    },
    {
      "name": "CVE-2025-26599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
    },
    {
      "name": "CVE-2024-47615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
    },
    {
      "name": "CVE-2018-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2024-6126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-26853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
    },
    {
      "name": "CVE-2025-59975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2025-59987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2018-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
    },
    {
      "name": "CVE-2025-26601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
    },
    {
      "name": "CVE-2024-52337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
    },
    {
      "name": "CVE-2025-59985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
    },
    {
      "name": "CVE-2025-11198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2024-26327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
    },
    {
      "name": "CVE-2015-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
    },
    {
      "name": "CVE-2025-59964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
    },
    {
      "name": "CVE-2025-59988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2023-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-6655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2024-27049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
    },
    {
      "name": "CVE-2025-59984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
    },
    {
      "name": "CVE-2025-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
    },
    {
      "name": "CVE-2023-51589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
    },
    {
      "name": "CVE-2024-35800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2023-51596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
    },
    {
      "name": "CVE-2025-60010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
    },
    {
      "name": "CVE-2023-51764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
    },
    {
      "name": "CVE-2025-26594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
    },
    {
      "name": "CVE-2024-6409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2025-59962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2024-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0855",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-22655 (GCVE-0-2023-22655)

GHSA-HV2R-VH4P-HQMP

GSD-2023-22655

CVE-2023-22655

Vulnerability from osv_almalinux

FKIE_CVE-2023-22655

CERTFR-2024-AVI-0213

Solution

CERTFR-2024-AVI-0713

Solutions

CERTFR-2025-AVI-0855

Solutions

Tags

Sightings

Nomenclature